Tag: security

Kernel and pre-boot DMA Protection

Kernel Direct Memory Access (DMA) Protection is a Windows security feature that protects against external peripherals gaining unauthorized access to memory. PCIe hot plug lets users attach classes of external peripherals, including graphics cards, to their devices with the plug-and-play ease of USB. These peripherals are DMA-capable: they can read and write system memory without involving the system processor. That capability is what makes them susceptible to drive-by DMA attacks.

Pre-boot DMA Protection enables equivalent DMA protection at the system BIOS level.

When DMA Protection is enabled:
1. No device can perform DMA to the DMA-protected device between the completion of BIOS POST and OS driver load.
2. During BIOS POST, the EFI device driver also makes sure the device works within a DMA-remapped region.
3. Some operating systems make sure the driver is loaded only when the system is unlocked.

Drive-by DMA attacks occur while the owner of the system isn't present. They usually take just a few minutes, use simple-to-moderate attacking tools (affordable, off-the-shelf hardware and software), and don't require disassembly of the device. In a supply-chain scenario, the attacker can install temporary off-the-shelf hardware and exploit the system BIOS.

Source: Kernel DMA Protection – Windows Security

Classification of Cryptographic Keys

A cryptographic key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e., binary digits, or “bits”).

Symmetric key encryption algorithms use a single symmetric key for both encryption and decryption, whereas asymmetric key encryption algorithms (aka public key algorithms) use two different but related keys for encryption and decryption.

Cryptographic keys may be either static (designed for long term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e., lifetime) of static keys may vary from days to weeks, months, or even years depending on what they are used for.

The length of a key must align with the algorithm that will use it. Symmetric keys may be shorter than asymmetric keys.

Key length should be chosen based on a number of factors, such as:

  • The algorithm being used
  • The strength of security required
  • The amount of data being processed with the key
  • The crypto-period of the key

Common functions for cryptographic keys

  • Data Encryption Key to encrypt the data.
  • Authentication Key to authenticate the originator or the origination of the data.
  • Digital Signature Key provides assurance about the integrity and originator of the associated data, and about whether the signature is valid.
  • Key Encryption Key (aka Key Wrapping Key or Key Transport Key) is used to transport or wrap another key.
  • Master Key is a symmetric key that is used to encrypt multiple subordinate keys. Secured via HSM.
  • Root Key is the topmost key in a Public Key Infrastructure (PKI) hierarchy. Used to authenticate and sign digital certificates.

Key management systems (KMS) are used to ensure keys are:

  • generated to the required length using a high-quality random data source
  • well protected (generally using an HSM)
  • managed only by authorized personnel in accordance with defined policies
  • used only for the functions they were intended for
  • updated according to their crypto-period
  • deleted when no longer required
  • fully auditable to provide evidence of correct (or incorrect) usage
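
The checks in the list above can be sketched in a few lines. This is an added example, not code from the source article: `ToyKMS`, `POLICY` and the key lengths and crypto-periods in it are hypothetical, and key material is held in memory rather than in an HSM.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed policy: key function -> (length in bytes, crypto-period)
POLICY = {"authentication": (32, timedelta(days=90)),
          "data-encryption": (32, timedelta(days=365))}

class KeyPolicyError(Exception):
    """Raised when a key request violates policy."""

@dataclass
class ManagedKey:
    function: str
    material: bytes
    expires: datetime

class ToyKMS:
    def __init__(self):
        self.keys = {}
        self.audit = []  # (time, key_id, requested function, outcome)

    def generate(self, key_id, function, now):
        length, period = POLICY[function]
        # secrets draws from the operating system's CSPRNG
        self.keys[key_id] = ManagedKey(function, secrets.token_bytes(length), now + period)
        self.audit.append((now, key_id, function, "generated"))

    def _checkout(self, key_id, function, now):
        key = self.keys.get(key_id)
        if key is None:
            outcome = "denied: no such key"
        elif key.function != function:
            outcome = "denied: wrong function"
        elif now >= key.expires:
            outcome = "denied: crypto-period expired"
        else:
            outcome = "allowed"
        self.audit.append((now, key_id, function, outcome))  # denials are logged too
        if outcome != "allowed":
            raise KeyPolicyError(outcome)
        return key.material

    def mac(self, key_id, message, now):
        """Authentication-key operation: HMAC-SHA256 over message."""
        return hmac.new(self._checkout(key_id, "authentication", now), message, hashlib.sha256).digest()

    def destroy(self, key_id, now):
        self.keys.pop(key_id, None)
        self.audit.append((now, key_id, "-", "destroyed"))
```

Every request, allowed or denied, leaves an audit entry, so misuse of a key (wrong function, expired crypto-period, use after deletion) shows up in the log as well as being refused.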

Source: Classification of Cryptographic Keys



Root kernel vulnerability threatens many Linux distributions – Market Research Telecast

Two new vulnerabilities have been detected. One (CVE-2021-33909) is due to conversion errors in the file system and allows access to the kernel address space.

The other vulnerability (CVE-2021-33910) is in systemd and can be exploited for a DoS attack that causes a kernel panic.

Source: Root kernel vulnerability threatens many Linux distributions – Market Research Telecast